I was genuinely surprised and scared for a second. One can argue that this is not really a problem with terminals, but with HTML/CSS.

I don't usually copy and paste from the browser into the terminal. With longer commands I do, but only after checking the code for malicious content. After discovering this I am not sure if I can ever assume any code to be safe.

Thankfully, a user going by the username moonboots, shared the following on Hacker News:

Bash and Zsh provide shortcuts to open a text editor where commands can be pasted and edited before running (Ctrl-x Ctrl-e in bash, need to enable in zsh).